The m_authenticate function in modules/m_sasl.c in Charybdis prior to 3.5.3 allows remote malicious users to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
charybdis project charybdis |